Page 1 of 2
Shimapong, don't be shy... (disassembly for ROMHACK!)
Posted: Thu May 25, 2006 7:15 pm
by Kriptokapi
ShimaPong surely knows how to disassemble the memory.
What disassembler do you use? I have IDA Pro and OllyDbg.
How can I use them?
Posted: Fri May 26, 2006 12:41 am
by Pugsy
You have to recompile MAME yourself and make a debug build. Other disassemblers are of little use - you need a disassembler/debugger for each CPU hence you use the MAME debugger - which when you get used to it is VERY powerful.
Posted: Fri May 26, 2006 5:09 am
by ianpatt
IDA pro (the legit Professional version at least) has support for tons of different CPUs; it can be very useful for this sort of thing as a companion to the MAME debugger.
Posted: Fri May 26, 2006 9:00 am
by Pugsy
Well, I never knew that. But what sort of power does it have for such things, and how well does it work with MAME and other emulators? Is it just a disassembler, or could it be used as a debugger with breakpoints, watchpoints, regpoints & traces, and has it got any useful extras? It would be great to have a really powerful debugger for use with other emulators..../me salivates at the possibilities.
Posted: Fri May 26, 2006 11:29 am
by ianpatt
It's a very powerful disassembler with good analysis tools, but out of the box it's only a debugger for x86. I'm not sure how extendable the debugger is; if it's general-case enough someone could probably write a debugger client for MAME that could talk with IDA via a plugin or the remote debugger interface.
I just use it for the annotated disassembly and switch back and forth between it and the MAME debugger.
Posted: Fri May 26, 2006 5:21 pm
by ShimaPong
Kriptokapi wrote:What disassembler do you use?
I'm using the new MAME debugger only. If you have another "favorite" debugger, you should use it. Sorry, I can't assist in that case. Although I think the MAME debugger is the best choice for a beginner to start with.
But the important problem is tracing or understanding program code rather than how to use a debugger. I have taught myself to catch up. Fortunately, I have found several databases of opcodes per CPU on Japanese web sites. (And a game magazine included cheat codes, how to hack, etc.)
MAMEplus!106u1 - recompiled?????????
Posted: Mon May 29, 2006 6:13 pm
by Kriptokapi
It's REALLY necessary to recompile? Please, tell me it's untrue!!!
I have MAMEplus!106u1; I tried to activate the debugger, but nothing happens... How should I set it up?
Posted: Mon May 29, 2006 6:42 pm
by Pugsy
Yes, I'm afraid it is necessary to recompile. If you have an Athlon CPU I can send you my Athlon-optimised debug build.
okay!!!!
Posted: Wed May 31, 2006 4:37 pm
by Kriptokapi
Send it!
Send it!
Send it!
Send it!
Send it!
Send it!
Send it!
Thanks! You are wonderful!
Posted: Wed May 31, 2006 11:43 pm
by Pugsy
I think it may be a bit big for your email inbox (around 9.5 megs).
Here's the commandline version of the MAME 0.106 optimised debug build for the Athlon CPU...let me know when you have it so I can delete it.
http://www.zen87661.zen.co.uk/mame0106debugbuild.zip
Use MAME -debug -cheat gamename on the commandline to run it
Posted: Wed Jun 07, 2006 11:31 am
by Kriptokapi
Thanks for the post, it works perfectly! But I think this file must be included in the main downloads, together with your cheat files.
In fact, NO INTERNET SITE hosts a debug MAME release, and so this file is VERY useful! Or else, please write a guide: how to recompile MAME easily. I tried, but the compiler (not quite user friendly) requests a lot of .o files, not included in the source!
LOADS OF thanks anyway.
_______________________________
Can someone tell me why this cheat doesn't work?
:ddragon:20A20000:5C3E:00CC0000:FFFFFFFF:not working
I put a watchpoint on it and noticed that this address stays unchanged regardless of this code.
Posted: Wed Jun 07, 2006 2:54 pm
by Pugsy
Kriptokapi wrote:Thanks for the post, it works perfectly! But I think this file must be included in the main downloads, together with your cheat files.
In fact, NO INTERNET SITE hosts a debug MAME release
Yes, well, debug builds are really only meant to help the mamedevs, and as they are programming the drivers they obviously have no problems compiling the debug build themselves. With the exception of cheat finding by a few cheat finders there is little call for debug builds, as they will just confuse most people, and they are marginally slower than non-debug builds I believe - though as I never use anything but a debug build I can't personally confirm that.
and so this file is VERY useful! Or else, please write a guide: how to recompile MAME easily. I tried, but the compiler (not quite user friendly) requests a lot of .o files, not included in the source!
It is very easy - the .o (object) files are made from the source via the make command.
Look at the Easy way -
http://www.mamedev.org/tools/ , and download the two files it mentions and extract them as instructed. Grab the MAME source and extract into a subdir in the mingw path. Then make a .bat file to set the mingw/bin into your path - so a new mingw.bat file with this in it:-
Obviously change the hd and dir to suit where you've put mingw. Open the /bin folder and copy the mingw32-make.exe and rename the copy make.exe.
Now in the mingw folder run mingw.bat, then change to the source folder, type make and wait. Don't forget to edit the makefile first though so that it will make you a debug build (and other stuff if you desire)....then just wait for it to compile; it takes anywhere from 15 mins to an hour.
Can someone tell me why this cheat doesn't work?
:ddragon:20A20000:5C3E:00CC0000:FFFFFFFF:not working
I put a watchpoint on it and noticed that this address stays unchanged regardless of this code.
It's paged memory....try something like:-
:ddragon:20A20000:15C3E:00CC0000:FFFFFFFF:not working
Posted: Thu Jun 08, 2006 12:22 pm
by Kriptokapi
Okay Pugsy!!!!! You were wonderful as ever! Loads of thanks, but my curiosity is like the wind, she never stops!!!
How can I distinguish "RAM", "paged memory", "ROM" regions, and why 99.9% of the ROMHACK cheats *require* "region"?
(Don't tell me "watch the indexes in the cheats\options\..." 'cause it's too much generic, I can't be satisfied.)
I think I'll soon post a little "guide" for ROM hacks with basic instructions and related codes (in M6800 djnz=... and so on) 'cause the MAME decompiler is useless if you want an AS-sembler.
I must understand this, or I'll never become a decent cheatfinder!
\\\ SUGGESTIONS FOR MAMEDEVS ///
I think mamedevs must add an option in the cfg file like
DEFAULT_CHEAT_INTERFACE = default/advanced
and also PLEASE IMPROVE SOON THE DISASSEMBLER!!!!!!!!!!!!!!
If it can't assemble (and it doesn't perform a code analysis either), please add a command that puts the dumped instruction list in a txt file, or ROM hacking soon becomes a frustrating experience!!!!!!

Why does this da__ed disassembler refuse to put a BP during execution?
Save me from desperation, I'm only a poor okapi!
Suggestion ends. Hi
(ps I'll try to compile my MAME, one day...)
Posted: Thu Jun 08, 2006 2:21 pm
by Pugsy
Kriptokapi wrote:How can I distinguish "RAM", "paged memory", "ROM" regions, and why 99.9% of the ROMHACK cheats *require* "region"?
(Don't tell me "watch the indexes in the cheats\options\..." 'cause it's too much generic, I can't be satisfied.)
A good rule of thumb is: if you are changing program code it will be a ROM cheat (either unpaged or paged), with the exception of cassette-loaded games (and perhaps games using disks). You can look at the MAME source for some information about a game's memory map, but often if a ROM cheat doesn't appear to be working it's quicker just to put a watchpoint on the address and cycle through the options, and if that doesn't work try just adding a 1 in front of the address, which works for a high percentage of games. Also remember some games use an encrypted CPU, which means that changing the opcode may not have any effect even if the watchpoint says it does - so you will have to try and get the same effect by changing the operand instead.
I think I'll soon post a little "guide" for ROM hacks with basic instructions and related codes (in M6800 djnz=... and so on) 'cause the MAME decompiler is useless if you want an AS-sembler.
I must understand this, or I'll never become a decent cheatfinder!
It's true that the debugger can't assemble but you can use the DASM command to dump out a disassembly of the code to a file, you can then use a text editor to search the value needed for the opcode you want. I do this for CPUs I'm not very good with - for 6502 and 68000 I generally remember the opcodes anyway.
\\\ SUGGESTIONS FOR MAMEDEVS ///
I think mamedevs must add an option in the cfg file like
DEFAULT_CHEAT_INTERFACE = default/advanced
It's already there, I think you need to check out the :_command: option - look at the cheat file for how it works (it's near the top)
and also PLEASE IMPROVE SOON THE DISASSEMBLER!!!!!!!!!!!!!!
If it can't assemble (and it doesn't perform a code analysis either), please add a command that puts the dumped instruction list in a txt file, or ROM hacking soon becomes a frustrating experience!!!!!!

You can pretty much do most ROM hacking using BP, WPSET, DASM and most importantly TRACE.
Why does this da__ed disassembler refuse to put a BP during execution?
Save me from desperation, I'm only a poor okapi!

BP works fine here; make sure you've set the BP on the right CPU - see HELP BPSET. You can use OBSERVE or IGNORE to toggle which CPUs you wish to look at in the debugger.
Thanks again...
Posted: Thu Jun 08, 2006 3:32 pm
by Kriptokapi
Okay, okay, I'll soon check it out.
Posted: Sat Jun 10, 2006 7:38 pm
by Kriptokapi
Double Dragon - A bit of already DEASM code (DoubleDragon)
Here is an interesting ROM region for experiments.
;Main Program (?) start
4015: 7E 56 F5 JMP $56F5
4018: 7E 57 F6 JMP $57F6
401B: 7E 51 9C JMP $519C
401E: 7E 43 13 JMP $4313
4021: 7E 4A F7 JMP $4AF7
4024: 7E 4B 7B JMP $4B7B ;Idle code? - Use this line to skip the other actions
4027: 7E 4C 0E JMP $4C0E
402A: 7E 4D 90 JMP $4D90
402D: 7E 50 61 JMP $5061
4030: 7E 5E DE JMP $5EDE
4033: 7E 54 FF JMP $54FF
4036: 7E 5E 91 JMP $5E91
4039: 7E 5B 90 JMP $5B90
403C: 7E 51 3E JMP $513E
403F: 7E 51 2B JMP $512B
4042: 7E 44 66 JMP $4466
4045: 7E 4F 7E JMP $4F7E
4048: 7E 4F FD JMP $4FFD
404B: 7E 4E 4B JMP $4E4B
404E: 7E 53 0A JMP $530A
4051: 7E 52 9F JMP $529F
4054: 7E 51 71 JMP $5171
4057: 7E 5E 55 JMP $5E55
405A: 7E 5F 90 JMP $5F90
405D: 7E 60 FB JMP $60FB
4060: 7E 61 69 JMP $6169
4063: 7E 50 A7 JMP $50A7
4066: 7E 50 A7 JMP $50A7
4069: 7E 50 A7 JMP $50A7
406C: 7E 42 0B JMP $420B
406F: 7E 61 BA JMP $61BA
4072: 7E 61 D4 JMP $61D4
4075: 7E 5B FD JMP $5BFD ;Action for enemy AI? - Replace with 61D5 -> No enemy displayed (buggy)
4078: 7E 5C 32 JMP $5C32 ;Action for losing weapons.
407B: 7E 61 D5 JMP $61D5 ;Death/Disappear ?
407E: 7E 63 76 JMP $6376
4081: 7E 63 DD JMP $63DD
4084: 7E 64 11 JMP $6411
4087: 7E 62 46 JMP $6246
408A: 7E 64 86 JMP $6486
408D: 7E 62 81 JMP $6281
4090: 7E 63 0D JMP $630D
4093: 7E 64 AA JMP $64AA
4096: 7E 64 AA JMP $64AA
4099: 7E 42 79 JMP $4279
409C: 7E 65 01 JMP $6501
409F: 7E 65 26 JMP $6526
40A2: 7E 42 D1 JMP $42D1
40A5: 7E 64 AA JMP $64AA
40A8: 7E 64 AB JMP $64AB
40AB: 7E 64 CD JMP $64CD
40AE: 7E 5D DC JMP $5DDC
40B1: 7E 72 9C JMP $729C
40B4: 7E 72 9D JMP $729D
40B7: 7E 6D 63 JMP $6D63
40BA: 7E 6D D2 JMP $6DD2
40BD: 7E 6E 59 JMP $6E59
40C0: 7E 43 C3 JMP $43C3
40C3: 7E 73 5E JMP $735E
40C6: 7E 75 39 JMP $7539
40C9: 7E 75 5F JMP $755F
40CC: 7E 75 9C JMP $759C
40CF: 7E 66 CC JMP $66CC
40D2: 7E 77 57 JMP $7757
40D5: 7E 76 74 JMP $7674
40D8: 7E 76 2F JMP $762F
40DB: 7E 75 A9 JMP $75A9
40DE: 7E 75 EC JMP $75EC
40E1: 7E 76 B2 JMP $76B2
40E4: 7E 76 FE JMP $76FE
;Main Program (?) ends
If you want to look closely at the DDragon code, you can modify the codes:
Remember that the code for NOP is 12 (3 times NOP = 121212 -> the next instruction will be executed.)
Let's try! And if someone can find the description for ALL the actions, he is nearly a genie.
;Format for the ROMhack is:
;??-> 15-E4 !!!!-> A subprog. entry point.
;:ddragn2u:20A20000:140??:007E!!!!:FFFFFFFF:RomHack (If you find sthg interesting, post it.)
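A small helper, added here and not code from the thread, that checks a retyped copy of the 4015-40E4 jump table above for transcription errors (the 7E hi lo bytes must spell the JMP operand) and builds cheat lines in the :ddragn2u:20A20000:140??:007E!!!!:FFFFFFFF layout just described, using Pugsy's "put a 1 in front of the address" trick for the 140?? part. The type value 20A20000 and the data layout are copied from the thread as given, not interpreted; the NOP variant assumes the same 00 + three-byte data layout, which is an assumption.

```python
import re

# Constructed sample: a few rows retyped from the 4015-40E4 jump table above.
LISTING = """\
4015: 7E 56 F5 JMP $56F5
4024: 7E 4B 7B JMP $4B7B ;Idle code?
4075: 7E 5B FD JMP $5BFD ;Action for enemy AI?
40E4: 7E 76 FE JMP $76FE
"""

# addr: 7E hi lo JMP $target  (7E = 6809 extended JMP, as in the listing)
ROW = re.compile(r"^([0-9A-F]{4}):\s+7E\s+([0-9A-F]{2})\s+([0-9A-F]{2})\s+JMP\s+\$([0-9A-F]{4})")
TABLE_FIRST, TABLE_LAST, SLOT_SIZE = 0x4015, 0x40E4, 3

def parse_jump_table(text):
    """Return {slot_address: target}. The operand bytes hi lo must spell the
    same value as the JMP $hilo target, which catches typos in a retyped listing."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # blank line or a non-JMP row
        addr, hi, lo, target = m.groups()
        if hi + lo != target:
            raise ValueError(f"{addr}: bytes {hi} {lo} disagree with operand ${target}")
        table[int(addr, 16)] = int(target, 16)
    return table

def paged(address):
    """Pugsy's paged-memory trick: put a 1 in front of the address, 5C3E -> 15C3E."""
    return int("1" + format(address, "X"), 16)

def romhack_line(slot_address, data, game="ddragn2u", desc="RomHack"):
    """':game:20A20000:140??:00xxxxxx:FFFFFFFF:desc' for one table slot, with
    140?? the paged slot address and data the three patched bytes."""
    if not TABLE_FIRST <= slot_address <= TABLE_LAST or (slot_address - TABLE_FIRST) % SLOT_SIZE:
        raise ValueError(f"{slot_address:04X} is not a slot of the jump table")
    return f":{game}:20A20000:{paged(slot_address):05X}:00{data:06X}:FFFFFFFF:{desc}"

def redirect(slot_address, new_target, **kw):
    """Keep the 7E opcode and point the JMP at new_target (the 007E!!!! form)."""
    return romhack_line(slot_address, 0x7E0000 | new_target, **kw)

def skip(slot_address, **kw):
    """Three NOPs (12 12 12) in place of the JMP so execution falls through.
    Assumption: the same 00 + three-byte data layout as the 007E!!!! lines."""
    return romhack_line(slot_address, 0x121212, **kw)
```

For example, redirect(0x4075, 0x61D5) gives the 4075 -> 61D5 patch mentioned in the listing comment, and parse_jump_table() raises on a row whose bytes and operand disagree.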
Posted: Sat Jun 10, 2006 8:57 pm
by ShimaPong
I can't understand what you do.
Posted: Mon Jun 12, 2006 8:12 pm
by ShimaPong
> My Double Dragon cheat was an ATTEMPT to stop the restless mechanism PICK-WEAPONS,LOSE-WEAPONS,PICK-WEAPONS,...
> and i wanted to stop the modification of the addresses that contain the references to weapons.
> Too bad my ROMhack is buggy; it causes (when it works!) the enemies to not lose the weapon as well. Usually the game crashes whenever someone throws an object.
> The main addresses for that purpose were listed in my thread DDRAGON, SOME NEW HACKS.
> I can't find any good code for the whip, only for the baseball stick.
I think the routine for a weapon is the same between players and enemies. In this case, try to search for a flag for a player or an enemy and add a new check routine.
I-AM-BOTHERED-OF-THIS-DA**ED-GAME!
Posted: Wed Jun 14, 2006 5:16 pm
by Kriptokapi
I already tried all combinations, I'm so sick and tired!!!
I'll go no further with this game, I am only a debutant.
I found good ROMhacks for Gauntlet, check those out, but DDragon is too demanding for me.
Only a true hacker can find those codes, and I'm not a serious hacker. Forgive me if you can!
Posted: Wed Jun 14, 2006 6:44 pm
by ShimaPong
Kriptokapi wrote:I already tried all combinations, I'm so sick and tired!!!
I can't evaluate his attempt because he doesn't explain it, so I say that he NEVER finished trying all combinations.